US computers still the source of most malware

The cybersecurity trend lines and aggregate data reports for 2008 are …

The ISP shutdowns of 2008 may have cut the overall amount of spam flooding across the Internet, but the largest share of the world's malware is still being hosted right here in the United States. According to the most recent Sophos report, the US hosts 37 percent of all malware sites, followed by China (27.7 percent) and Russia (9.1 percent). Despite the well-publicized Atrivo and McColo cutoffs, the US share of malware hosting rose from 23.4 percent in 2007 to 37 percent in 2008, while China's share nearly halved, from 51.4 to 27.7 percent.

Other malware trends in 2008 include a rise in infected e-mail attachments. In 2005, 1 in every 44 e-mails carried a viral attachment, but that ratio had fallen to 1 in 909 by 2007. This year the number of attached payloads rose again, to 1 in 714 e-mails, though this may represent little more than a blip on the long-term radar. Botnet masters and their ilk also continued to play on current events; both the Obama campaign and the September financial crisis on Wall Street were used as lures by spammers pretending to offer access to vital information or "secret" data. At least one Trojan, Mal/Hupig-D, managed to gain a foothold by purporting to link to a porn clip starring President-elect Obama. Unfortunately, the botnet master opted not to run identical campaigns for Obama, Biden, Palin, and McCain, thus sparing us from a very disturbing data set.

Scareware and fake antivirus programs were also big in the latter half of the year, but this is one trend that may have a short lifespan. The FTC has filed complaints against such companies, and Microsoft has pledged its own considerable resources toward fighting the scareware malaise. The fact that these companies are actively selling fraudulent products, and doing so within the US, makes them much easier to target than a shell corporation running out of Aruba.

The full details of the report, including some information on the 2008 spam industry and the state of Mac security, are included here (PDF). Apple systems aren't something malware vendors have typically cared about, but we are beginning to see the rise of scareware products aimed at enticing Mac users into deliberately installing fake AV software. Sophos makes the standard argument that as the Mac's market share increases, so too will its attractiveness as a badware platform, but the company also notes that the complacency of many Apple users could drastically increase the effectiveness of any malware threat. The fact that such an attack has yet to occur is anything but proof that it cannot occur. I'm not personally advocating that Mac users jump on the AV bandwagon, but staying abreast of security developments within Mac OS X is a prudent course of action.